Bug 41994 - Xerces won't emerge if Java 1.5 is active: security violation
Bug#: 41994 Product:  Gentoo Linux Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: java@gentoo.org Reported By: trejkaz@trypticon.org
Component: Development
URL: 
Summary: Xerces won't emerge if Java 1.5 is active: security violation
Keywords:  
Status Whiteboard: 
Opened: 2004-02-17 20:13 0000
Description:   Opened: 2004-02-17 20:13 0000 
Emerging Xerces dies as described below.  Only happens on Java 1.5, not on Java
1.4.

Reproducible: Always
Steps to Reproduce:
1. emerge xerces
2. wait
3. see

Actual Results:  
ACCESS DENIED  open_wr:   /dev/random


Expected Results:  
Emerged cleanly.

Workaround: java-config sun-jdk-1.4.2.03; etc-update; source /etc/profile

Nevertheless a workaround will have to be found at some point in the future
assuming the access to /dev/random isn't a Java bug.

raven root # java -version
java version "1.5.0-beta"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-beta-b32c)
Java HotSpot(TM) Client VM (build 1.5.0-beta-b32c, mixed mode)

raven root # emerge info
Portage 2.0.50-r1 (default-x86-2004.0, gcc-3.3.2, glibc-2.3.2-r9, 2.6.2-love1)
=================================================================
System uname: 2.6.2-love1 i686 AMD Athlon(tm) XP 2500+
Gentoo Base System version 1.4.3.13
distcc 2.11.1 i386-pc-linux-gnu (protocols 1 and 2) (default port 3632)
[disabled]
Autoconf: sys-devel/autoconf-2.58-r1
Automake: sys-devel/automake-1.7.7
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O3 -fomit-frame-pointer -march=athlon-xp"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config
/usr/kde/3.2/share/config /usr/kde/3/share/config /usr/share/config
/var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-O3 -fomit-frame-pointer -march=athlon-xp"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="ftp://mirror.pacific.net.au/linux/Gentoo
http://public.planetmirror.com/pub/gentoo http://gentoo.oregonstate.edu
http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.au.gentoo.org/gentoo-portage"
USE="3dnow X aalib alsa apache2 apm arts avi berkdb bonobo cdr cdrw crypt cups
directfb dv dvd dvdr dvdrw encode esd fbcon flac flash foomaticdb gdbm gif gpm
gtk gtk2 gtkhtml guile imlib java javascript jikes jpeg kde libg++ libwww mad
mikmod mmx motif mozilla mpeg mysql ncurses nls offensive oggvorbis opengl oss
pam pdflib perl png postgres python qt quicktime readline ruby samba sdl slang
spell sse ssl svga tcpd tiff truetype x86 xml2 xmms xv zlib"

------- Comment #1 From Adrian Almenar 2004-02-18 19:53:21 0000 ------- 
Fixed in CVS. Thanks.

------- Comment #2 From Martin von Gagern 2004-05-11 08:53:10 0000 ------- 
I have the same thing trying to emerge php. First I had to tweak
php-sapi.eclass to build using 1.5.0-beta (patch attached). Then I get the same
result, a sanbox violation. I don't know much about sandbox configuration,
maybe you could do the same changes there as well as you did for Xerces?

------- Comment #3 From Martin von Gagern 2004-05-11 08:58:04 0000 ------- 
Created an attachment (id=31186) [details]
Change php-sapi.eclass from JDKVER 1.4.* to 1.[4-9].*

------- Comment #4 From trejkaz@trypticon.org 2004-05-16 16:42:18 0000 ------- 
Careful Martin, that looks irrelevant and this bug is already resolved.  Create
a new one, perhaps?